BBB Warns: Extremely High Risk of Phishing Emails
Advice for Customers at Risk Due to Epsilon Data Breach
Austin, TX -- BBB www.bbb.org, has already heard from hundreds of consumers nationwide that may be victims of phishing attempts, due to the massive data breach of thousands of names and email addresses from Dallas-based Epsilon. The company, a third-party marketing service used by high-profile businesses to distribute emails to customers, confirmed the data breach last Friday and explained that the information stolen was limited to names and email addresses. The amount of data stolen is under investigation and has not yet been officially confirmed.
According to SecurityWeek, hotels, banking institutions and retail giants including Best Buy, Citi, Chase, U.S. Bank, Capitol One, Walgreens, Kroger, Marriott International, Ritz-Carlton Rewards, Brookstone, New York & Co., TiVo, HSN and L.L. Bean are among the confirmed companies whose customer data has been stolen.
Given that the hackers now have access to customer email addresses, there is an extremely high risk for phishing attacks, where hackers may pose as official companies in an attempt to fraudulently obtain consumers’ personal or financial information. BBB warns all consumers to use extreme caution and suggests the following tips to avoid becoming a victim of a phishing attack:
Never reply to an email that is asking you for personal information. Even if the email appears to be from a trusted source, this may be a phishing attack, where someone is trying to illegitimately obtain your personal or financial information and it should be considered a threat. Delete the email immediately.
Do not click on any links in an email from a company or an individual that you are unfamiliar with. This may be a phishing attack, where someone is trying to redirect you to a website that may automatically trigger malicious code and infect your computer. If you really want to check out a link sent to you by email, research the company or individual first to confirm they are trustworthy. If so, then manually retype the link into a secure web browser.
Always verify a website’s security before sharing information. Whenever you are providing sensitive information such as credit cards or bank information, make sure the address bar shows "https://" rather than just "http://" which indicates that the web browser is secure.
Keep anti-spyware, anti-virus and anti-spam software up to date. While consumers are ultimately responsible for keeping personal and financial information private, these technologies are designed to help keep phishing attacks at a minimum.
To check the reliability of a company www.bbb.org